package util.web;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.onjob.security.GroupsDao;
import com.onjob.security.GroupsDaoImpl;
import com.onjob.security.LoginAction;

import com.onjob.security.Users;
public class CheckFilter implements Filter {
    private Users user ;
    private GroupsDao groupdo = new GroupsDaoImpl();
	public void destroy() {
		// TODO Auto-generated method stub
		
	}

	@Override
	public void doFilter(ServletRequest request1, ServletResponse response1,
			FilterChain chain) throws IOException, ServletException {
		
		
		HttpServletResponse response = (HttpServletResponse) response1;
		HttpServletRequest request = (HttpServletRequest)request1;
		String url = request.getServletPath();
		
		System.out.println("url-------"+url);
		if(url.endsWith("login.action")||url.endsWith("logindo.action")){
			System.err.println("可以通过");
			chain.doFilter(request1, response1);
		}
		else{
		 if(request.getSession().getAttribute("user")!=null){
	    	System.out.println("url111-------"+url);
	    	Users user = (Users)request.getSession().getAttribute("user");
	    	if(!groupdo.isCanDo(user, url)){
	    		request.getSession().setAttribute("message", "您的账号权限限制，不能进行此操作，请您先登录");
				response.sendRedirect("/onjob/login.action");
	    	}
	    	else{
	    		chain.doFilter(request1, response1);
	    	}
	    }
	    else{
	    	request.getSession().setAttribute("message", "您现在没有权限，不能进行此操作，请您先登录");
			response.sendRedirect("/onjob/login.action");
	     }
			
			
		}    
  }
		
		


	@Override
	public void init(FilterConfig arg0) throws ServletException {
		// TODO Auto-generated method stub
		
	}


}
